A Conceptual Framework for Enhancing Information Security Compliance Behaviours in E-Government in Saudi Arabia

Publication Type: Thesis
Issue Date: 2022
Files (filename, description, size, format):
01front.pdf, contents and abstract, 522.5 kB, Adobe PDF
02whole.pdf, thesis, 4.31 MB, Adobe PDF
Information and communication technology (ICT) has become integral to all communities. Governments utilise ICT to interact and connect over the internet with different stakeholders, including citizens, employees, people from other countries, private businesses, other governments and people who use the services; this is known as e-government. Security threats to digital infrastructure such as e-government are growing exponentially with the proliferation of digital devices, and users of ICT are experiencing more data breaches, service unavailability and other digital disruptions than ever before. That is where information security plays a vital role. Information security protects information from unauthorised access, disclosure, disruption, modification, and destruction to ensure integrity, confidentiality, and availability. To combat information security threats, organisations create security measures to stop threats against their information and technology resources. For example, information security policies (ISPs) specify the proper uses of organisational information and technology resources, and include formalised sets of guidelines, procedures and technical controls to which employees must adhere. However, while these guidelines provide the best directions for security, they do not automatically translate into desirable security behaviours. Cyber criminals are widely recognised in mainstream media as being responsible for data breaches and attacks. However, employees’ intentional and unintentional non-compliance causes most security breaches despite ISPs and security measures. Hence, identifying what drives employees’ compliance with ISPs and requirements is a significant advance that can guide organisations in defining strategies to improve that compliance.
To this end, a systematic literature review was first conducted to lay the groundwork for understanding the factors influencing and enhancing information security compliance behaviour. Drawing on findings from the systematic literature review and informed by concepts from social support theory and the theory of planned behaviour, along with aspects of the unified theory of acceptance and use of technology model, a theoretical framework was developed that shows the factors that can enhance employees’ compliance with information security. The framework is based on identified factors that predict information security compliance attitude and behaviour, such as accountability of employees; adaptability of individuals; information security awareness; facilitating conditions and resources provided by the employer; monitoring of employees; social influence; and technical controls. The framework was then validated through findings from a quantitative and qualitative study in the context of e-government in Saudi Arabia. This study augments previous compliance studies by confirming previously identified factors for predicting compliance behaviour and identifying new factors.